DrayTek VigorPro 5300 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

DrayTek

VigorPro 5300

Page 96 / 304 Scroll up to view Page 91 - 95

VigorPro5300 Series User’s Guide

checking the Log box. It will be sent to Syslog server. Please refer

to section 3.14.4

Syslog/Mail Alert

for more detailed information.

Web Content Filter

Select one of the

Web Content Filter

profile settings (created in

CSM>> Web Content Filter Profile

) for applying with this router.

Please set at least one profile for anti-virus in

CSM>> Web

Content Filter Profile

web page first. For troubleshooting needs,

you can specify to record information for

Web Content Filter

checking the Log box. It will be sent to Syslog server. Please refer

to section 3.14.4

Syslog/Mail Alert

for more detailed information.

Anti-Virus

Select one of the anti-virus profile settings (created in

Defense

Configuration>>Anti-Virus>>Profile Setting

) for applying with

this router. Please set at least one profile for anti-virus in

Defense

Configuration>>Anti-Virus->

Profile

Setting

web page first. For

troubleshooting needs, you can specify to record information for

Anti-Virus

by checking the Log box. It will be sent to Syslog

server. Please refer to section 3.14.4

Syslog/Mail Alert

for more

detailed information.

Anti-Intrusion

Check the

Enable

box to invoke anti-intrusion filter function. For

troubleshooting needs, you can specify to record information for

Anti-Intrusion

by checking the Log box. It will be sent to Syslog

server. Please refer to section 3.14.4

Syslog/Mail Alert

for more

detailed information.

Anti-Spam

Select one of the anti-spam profile settings (created in

Defense

Configuration>>Anti-Spam>>Profile Setting

) for applying with

this router. Please set at least one profile for anti-spam in

Defense

Configuration>>Anti-Spam>>Profile Setting

web page first. For

troubleshooting needs, you can specify to record information for

Anti-Spam

by checking the Log box. It will be sent to Syslog

server. Please refer to section 3.14.4

Syslog/Mail Alert

for more

detailed information.

Advance Setting

Click

Edit

to open the following window. Click

Edit

to open the

following window. However, it is

strongly recommended

to use

the default settings here.

Codepage

- This function is used to compare the characters among

different languages. Choose correct codepage can help the system

obtaining correct ASCII after decoding data from URL and

enhance the correctness of URL Content Filter. The default value

for this setting is ANSI 1252 Latin I. If you do not choose any

Page 97 / 304

VigorPro5300 Series User’s Guide

codepage, no decoding job of URL will be processed. Please use

the drop-down list to choose a codepage.

If you do not have any idea of choosing suitable codepage, please

open Syslog. From Codepage Information of Setup dialog, you will

see the recommended codepage listed on the dialog box.

Window size

– It determines the size of TCP protocol (0~65535).

The more the value is, the better the performance will be. However,

if the network is not stable, small value will be proper.

Session timeout

/Queue timeout

–Setting timeout for sessions can

make the best utilization of network resources. However, Queue

timeout is configured for TCP protocol only; session timeout is

configured for the data flow which matched with the firewall rule.

Max. Queue length

- When the network connection is not stable,

you can set large number for this setting to get better performance.

Yet large value will consume large resource.

Retransmission queue length

– Type the number here as a base

for the router to verify if the retransmitted data is the same as the

old one.

Example

As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call

filter or data filter. You may preset 12 call filters and data filters in

Filter Setup

and even

link them in a serial manner. Each filter set is composed by 7 filter rules, which can be

further defined. After that, in

General Setup

you may specify one set for call filter and one

set for data filter to execute first.

Page 98 / 304

VigorPro5300 Series User’s Guide

Page 99 / 304

VigorPro5300 Series User’s Guide

3.6.4 DoS Defense

As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/defense function in

the

DoS Defense

setup. The DoS Defense functionality is disabled for default.

Click

Firewall

and click

DoS Defense

to open the setup page.

Enable Dos Defense

Check the box to activate the DoS Defense Functionality.

Enable SYN flood

defense

Check the box to activate the SYN flood defense function. Once

detecting the Threshold of the TCP SYN packets from the

Internet has exceeded the defined value, the Vigor router will start

to randomly discard the subsequent TCP SYN packets for a

period defined in Timeout. The goal for this is prevent the TCP

SYN packets’ attempt to exhaust the limited-resource of Vigor

router. By default, the threshold and timeout values are set to 50

packets per second and 10 seconds, respectively.

Enable UDP flood

defense

Check the box to activate the UDP flood defense function. Once

detecting the Threshold of the UDP packets from the Internet has

exceeded the defined value, the Vigor router will start to

randomly discard the subsequent UDP packets for a period

defined in Timeout. The default setting for threshold and timeout

are 150 packets per second and 10 seconds, respectively.

Enable ICMP flood

defense

Check the box to activate the ICMP flood defense function.

Similar to the UDP flood defense function, once if the Threshold

of ICMP packets from Internet has exceeded the defined value, the

router will discard the ICMP echo requests coming from the

Internet. The default setting for threshold and timeout are 50

packets per second and 10 seconds, respectively.

Enable PortScan

detection

Port Scan attacks the Vigor router by sending lots of packets to

many ports in an attempt to find ignorant services would respond.

Check the box to activate the Port Scan detection. Whenever

detecting this malicious exploration behavior by monitoring the

port-scanning Threshold rate, the Vigor router will send out a

warning. By default, the Vigor router sets the threshold as 150

Page 100 / 304

VigorPro5300 Series User’s Guide

packets per second.

Block IP options

Check the box to activate the Block IP options function. The Vigor

router will ignore any IP packets with IP option field in the

datagram header. The reason for limitation is IP option appears to

be a vulnerability of the security for the LAN because it will carry

significant information, such as security, TCC (closed user group)

parameters, a series of Internet addresses, routing messages...etc.

An eavesdropper outside might learn the details of your private

networks.

Block Land

Check the box to enforce the Vigor router to defense the Land

attacks. The Land attack combines the SYN attack technology with

IP spoofing. A Land attack occurs when an attacker sends spoofed

SYN packets with the identical source and destination addresses, as

well as the port number to victims.

Block Smurf

Check the box to activate the Block Smurf function. The Vigor

router will ignore any broadcasting ICMP echo request.

Block trace router

Check the box to enforce the Vigor router not to forward any trace

route packets.

Block SYN fragment

Check the box to activate the Block SYN fragment function. The

Vigor router will drop any packets having SYN flag and more

fragment bit set.

Block Fraggle Attack

Check the box to activate the Block fraggle Attack function. Any

broadcast UDP packets received from the Internet is blocked.

Activating the DoS/DDoS defense functionality might block some

legal packets. For example, when you activate the fraggle attack

defense, all broadcast UDP packets coming from the Internet are

blocked. Therefore, the RIP packets from the Internet might be

dropped.

Block TCP flag scan

Check the box to activate the Block TCP flag scan function. Any

TCP packet with anomaly flag setting is dropped. Those scanning

activities include

no flag scan

FIN without ACK scan

SYN FINscan

Xmas scan

and

full Xmas scan

Block Tear Drop

Check the box to activate the Block Tear Drop function. Many

machines may crash when receiving ICMP datagrams (packets) that

exceed the maximum length. To avoid this type of attack, the Vigor

router is designed to be capable of discarding any fragmented ICMP

packets with a length greater than 1024 octets.

Block Ping of Death

Check the box to activate the Block Ping of Death function. This

attack involves the perpetrator sending overlapping packets to the

target hosts so that those target hosts will hang once they

re-construct the packets. The Vigor routers will block any packets

realizing this attacking activity.

Block ICMP Fragment

Check the box to activate the Block ICMP fragment function. Any

ICMP packets with more fragment bit set are dropped.

Block Unknown

Protocol

Check the box to activate the Block Unknown Protocol function.

Individual IP packet has a protocol field in the datagram header to

indicate the protocol type running over the upper layer. However,

the protocol types greater than 100 are reserved and undefined at

this time. Therefore, the router should have ability to detect and

Rate

Popular DrayTek Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share